Discovers high-quality npm/PyPI/GitHub packages for vulnerability audits using criteria like downloads/stars/maintenance and strategies like npm/gh search. Useful for new security research cycles.
npx claudepluginhub byamb4/find-cve-agent
This skill uses the workspace's default tool permissions.
Starting a new research cycle. Need fresh targets with high CVE potential but low existing researcher attention.
The ideal target is a package that:
# Search by category
npm search xml parser
npm search csv parse
npm search template engine
npm search file upload
npm search schema validator
# Check weekly downloads on npmjs.com
# Look for packages with 100K-10M weekly downloads
# Search repos by language and star count
gh search repos "xml parser" --language javascript --stars 500..15000
gh search repos "yaml" --language python --stars 500..10000
gh search repos "template engine" --language javascript --stars 500..15000
gh search repos "archive extract" --language go --stars 500..10000
Search for vulnerable patterns across many repos:
https://grep.app/search?q=new%20Function&regexp=false&filter[lang][0]=JavaScript
https://grep.app/search?q=eval%28&regexp=false&filter[lang][0]=JavaScript
Check dependency counts -- packages depended on by many other packages have higher impact.
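As an added example (not part of the find-cve-agent skill), this Python script applies the windows above (100K-10M weekly downloads, 500..15000 stars, a commit within the last year) to constructed package metadata and orders the survivors by dependents count, so an audit queue starts with the widest blast radius. The record fields and the sample numbers are assumptions, not any registry's API or real packages.

```python
"""Order candidate packages for a dependency audit by the page's criteria."""
from dataclasses import dataclass
from datetime import date

MIN_WEEKLY, MAX_WEEKLY = 100_000, 10_000_000  # "100K-10M weekly downloads"
MIN_STARS, MAX_STARS = 500, 15_000            # gh search --stars 500..15000
MAX_STALE_DAYS = 365                          # maintenance: a commit in the last year
TODAY = date(2025, 1, 15)                     # fixed reference date for the sample


@dataclass
class Package:
    name: str
    weekly_downloads: int
    stars: int
    last_commit: date
    dependents: int  # packages depending on it; more dependents, wider blast radius


def in_scope(pkg: Package, today: date = TODAY) -> bool:
    """True when the package sits inside the download, star and freshness windows."""
    fresh = (today - pkg.last_commit).days <= MAX_STALE_DAYS
    return (MIN_WEEKLY <= pkg.weekly_downloads <= MAX_WEEKLY
            and MIN_STARS <= pkg.stars <= MAX_STARS
            and fresh)


def rank(pkgs, today: date = TODAY):
    """In-scope packages only, most dependents (then most downloads) first."""
    return sorted((p for p in pkgs if in_scope(p, today)),
                  key=lambda p: (p.dependents, p.weekly_downloads), reverse=True)


def ranked_names(pkgs=None, today: date = TODAY):
    """Convenience wrapper returning just the ordered package names."""
    return [p.name for p in rank(SAMPLE if pkgs is None else pkgs, today)]


# Constructed sample metadata; names and figures are made up for illustration.
SAMPLE = [
    Package("sample-xml-lib", 2_500_000, 4_200, date(2024, 11, 3), 1_800),
    Package("sample-csv-lib", 50_000, 900, date(2024, 9, 1), 120),           # too few downloads
    Package("sample-tmpl-lib", 8_000_000, 40_000, date(2024, 12, 5), 9_000),  # already heavily watched
    Package("sample-zip-lib", 900_000, 1_100, date(2021, 2, 14), 3_400),     # unmaintained
    Package("sample-merge-lib", 6_000_000, 2_300, date(2024, 10, 20), 5_600),
]

if __name__ == "__main__":
    for p in rank(SAMPLE):
        print(f"{p.name:18} dependents={p.dependents:>6} weekly={p.weekly_downloads:>11,}")
```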
| Category | Vulnerability Classes | Example Packages |
|---|---|---|
| Parsing (XML/CSV/YAML) | Entity expansion, ReDoS, clobbering | fast-xml-parser, csv-parse, js-yaml |
| Validation/Schema | Code injection, ReDoS, proto pollution | ajv, joi, fastest-validator |
| Template Engines | SSTI, code injection | ejs, nunjucks, handlebars, pug |
| Archive/Compression | Zip Slip, decompression bomb, path traversal | adm-zip, decompress, fflate |
| File Handling | Path traversal, symlink attacks | express-fileupload, formidable |
| Deep Merge/Clone | Proto pollution, recursion DoS | deepmerge, rfdc, klona |
| Expression Evaluators | Sandbox escape, code injection | simpleeval, expr-eval, filtrex |
| HTTP Clients | SSRF, header injection, auth leak | got, superagent, needle |
| Serialization | Clobbering, code injection, recursion | flatted, superjson, msgpackr |
| URL/Path Utilities | SSRF bypass, path traversal | url-parse, normalize-url |
For each candidate:
Write a brief for each approved target:
# Target Brief: [package-name]
- **GitHub**: [URL]
- **Stars**: [count]
- **Weekly Downloads**: [count]
- **Last Commit**: [date]
- **Language**: [JS/Python/Go/etc.]
## Attack Surface
- [What untrusted input does it process?]
## Existing CVEs
- [none / list with CVE IDs]
## Bug Bounty
- [yes/no + link]
## Top 3 Vectors
1. [Most likely vulnerability class + why]
2. [Second most likely]
3. [Third most likely]
## Why Promising
[1-2 sentences on why this target is worth investigating]